package com.zx.framework.web.interceptor.spring;

import java.util.List;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.log4j.Logger;
import org.springframework.util.CollectionUtils;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.zx.framework.core.env.CONST;
import com.zx.framework.web.util.RequestUtil;
import com.zx.framework.web.util.UriCache;
/**
 * url权限过滤器
 * @author stylewolf
 *
 */
public class AuthenticationInterceptor  extends HandlerInterceptorAdapter {
	
	private static final Logger LOGGER = Logger.getLogger(AuthenticationInterceptor.class);

	@Override
	public boolean preHandle(HttpServletRequest request,
			HttpServletResponse response, Object handler) throws Exception {
		request.setAttribute("basePath", request.getContextPath());
		String uri = RequestUtil.getRequestUri(request);
		LOGGER.debug("authen-uri:"+uri);
		//获取认证的uri
		List<String> urls = (List<String>) request.getSession().getAttribute(CONST.AUTHEN_SESSION_KEY);
		if(CollectionUtils.isEmpty(urls)){
			throw RequestUtil.throwException(request, "您没有访问系统访问权限！");
		}else{
			if(!UriCache.access(urls, uri)){
				throw RequestUtil.throwException(request, "您没有权限访问此功能！");
			}
		}
		return super.preHandle(request, response, handler);
	}
}
